Cross site request forgery (csrf)

EmpireCMS 7.5 allows CSRF for adding a user account via an enews=AddUser action to e/admin/user/ListUser.php, a similar issue to CVE-2018-16339...

CVE-2018-18449

EmpireCMS 7.5 is affected by a CSRF vulnerability that allows adding a user account via enews=AddUser on e/admin/user/ListUser.php (and related mentions in CVE records). The NVD entry for CVE-2018-18449 lists CVSS v2 base score 6.8 (MEDIUM) and CVSS v3 base score 8.8 (HIGH) with network attack ve...